Community Privacy Notice

Last Updated: May 16, 2025

1. Controller of the Persona Data:

Konovo LLC,
480 Pleasant Street,
Watertown,
MA 02472,
USA

2. CATEGORY OF PERSONAL DATA AND PURPOSES OF PROCESSING

KONOVO collects personal data from the members of its community of respondents and non-members who participate in market research activities sponsored by KONOVO’s clients. Listed below are the categories of personal data we process and purposes.

2.1. Registration with our Community: KONOVO collects Personal Data of individuals when they register with our website or community. This may include:

2.1.1. Personal Information: Name, surname, age, telephone number, email address, postal address.

2.1.2. Professional information: Medical specialty, your practice/institution name and address your NPIs or medical association number, and years in practice.

2.1.3. Transaction history: The amount of incentives you have earned and redeemed

2.1.4. Other information: Specific information that we derived from your participation in market research activities. We only use the data provided to allow your participation in market research activities

2.1.5. Identity verification: As part of the registration process to our Community, you will be required to pass an identity check verification. The process may involve the scan of an applicable identification document that is inclusive of a picture of yourself. This process may also include Biometric data (e.g. facial images) is processed during the identity check. Identity validation will also include review of publicly available data associated with your name, address, email address and may also include the prompt of security questions. The identity verification provider will process your personal information in accordance with their privacy policy and you will have the opportunity to review their privacy policy before providing your consent. We have the legitimate interest to use the information provided by the identity verification provider for identity and fraud prevention.

2.1.6. Professional background checks: In order to verify that you are a qualified and in practice healthcare professional, we might contact your working institution, checking your name, NPI, GMC, RPPS, state license number or other applicable medical association licensure against federal and local registries or third parties’ databases. We have the legitimate interest to verify your professional background for the identity verification provider for identity and fraud prevention.

2.1.7. Tax Report: As a US based company, KONOVO reports the incentives received by the market research participants to the US federal tax authority. KONOVO is required by US law to collect your personal information via the W9 form for US citizens.

2.1.8. Market research activities: During market research activities, KONOVO may collect personal information related to member and not-member participation. This can include your answers to a survey or audio or/and video recordings of a market research interview. If you are not a member of the KONOVO Community, we may also need to collect certain personal information for incentive fulfillment purposes as explained below. Before your participation in each market research activity, you will be informed about study requirements, and you will be asked to provide your consent.

2.1.9. Incentives fulfillment: KONOVO processes your personal data to compensate you for the market research activities you complete. Depending on the type of compensation you select we may process different types of personal information. This could just be your full name and email address or your bank account number or IBAN.

2.2. Relationship Communication Data: Processing contact data for the purposes of managing our relationships and communicating with you (excluding communicating for the purposes of direct marketing) by email and/or telephone. We may process personal information contained in or relating to any communication that you send to us or that we send to you. The communication data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms.

2.3. Usage data: KONOVO may process data about your use of our website and services. The usage data may include your IP address, geographical location, browser type, version and language, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. We may also collect and process data on the websites you visited before our sites that may be logged automatically if you are redirected to our site from our advertising campaigns. The source of the usage data is our analytics tracking system, marketing automation platform or other marketing technologies. You might find more information in our Cookie Policy below.

2.4. Publications: In certain occasions and strictly in accordance with your express instructions, we may process your personal data for the purposes of publishing such data on our website and elsewhere through our services.

2.5. Direct marketing: Processing contact data for the purposes of creating, targeting, and sending direct marketing communications by email and making contact by telephone for marketing-related purposes. We do this to improve and facilitate your participation in market research activities.

2.6. Record keeping: Processing your personal data for the purposes of creating and maintaining our databases, back-up copies of our databases and our business records in servers located in the United States. We do this to ensure that we have access to all the information we need to run our business properly and efficiently in accordance with this Notice.

2.7. Vital interests: Processing your personal data where such processing is necessary for compliance with a legal obligation to which we are subject or in order to protect your vital interests or the vital interests of another natural person.

2.8. Legal: Required by Law: for other business-related purposes permitted or required under applicable local law and regulation for example, governmental transparency reporting, tax, crime investigation and national security; and as otherwise required by law.

2.9. Statistical Data: We may use some of the data of our Community in aggregate for statistical reasons.

2.10. Information collected: The Personal Data that we collect may vary based on your interaction with KONOVO. As a general matter, KONOVO collects the following types of Personal Data:

Data collected from individuals:

Category	Examples	Collected
A.       Personal data	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, Social Security number, or other similar identifiers, telephone number, employment	Yes
B.       Special categories of personal data ART. 9 GDPR	Age (40 years or older), race, color, national origin, citizenship, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, biometric data.	Yes
C.       Internet or other similar network activity.	Browsing history, search history, information on a consumer’s interaction with a website.	Yes
D.      Geolocation data.	Physical location or movements.	Yes
E.       Sensory data.	Audio, visual, or similar information.	Yes
F.       Professional or employment-related information.	Occupation, Employer Information.	Yes

3. LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

KONOVO uses the below legal bases for processing your data in relation to the above identified purposes:

Legal Base	Purposes
Your Consent	Market research, Publications, Usage data In general
Execution of a contract to which you or your company is party or in order to take preliminary steps at your request prior to entering into a contract	Registration with our Community Relationships and communications Direct marketing
Comply with a legal obligation to which the KONOVO is subject	Vital interests Required by Law Tax Reporting
Legitimate interest	Professional background checks Direct marketing Research and analysis Record keeping Identity Verification

4. SPECIAL CATEGORY OF PERSONAL DATA OR SENSITIVE DATA

4.1. KONOVO might process certain categories of data that can be considered very sensitive. This data may be collected when individuals participate in market research activities carried out by KONOVO directly or on behalf of their clients. We are committed to handling this data with extreme care and only a few authorized people have access to it. Such data might include: information about your health, your ethnic origin, biometric data, trade union membership, etc. Where we process special categories of personal data, “Sensitive Personal Data,” we will always obtain your explicit consent to those activities unless:

4.1.1. Consent is not required by law;
4.1.2. To protect your vital interests where you are incapable of giving your consent;
4.1.3. For the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity;
4.1.4. Processing is necessary for reasons of public interest in the area of public health as required by the local law.

4.2. Where this is allowed by law, you may have the right to withdraw that consent at any time.

5. AUTOMATED DECISIONS

5.1. We reserve the right to make automated decisions, including using machine learning algorithms about website visitors in order to optimize and provide better experience when navigating our websites. Only digital data as specified in section 8 are included in this processing.

5.2. We might analyze your participation in our surveys with the purpose of enriching the profiling data we hold about yourself. The profiling data that we have collected might be used for making manual or automated decisions that involve your participation to market research activities. As a result of this processing, we will be able to send you market research activities within your sphere of expertise and interest.

5.3. You may contact us if you would like any clarifications about the automated decisions.

6. DIGITAL DATA

6.1. Cookies: KONOVO may set and use cookies to enhance your user experience on the sites, such as retaining your personal settings and preferences. You may set your browser to prevent or reject cookies, or you may manually delete any cookies set. If you reject the cookies on the sites, you may still be able to use the sites, but they shall be limited to certain minimal functionality. From time to time KONOVO may use third-party tracking utilities that use session ID cookies that track site usability and assist KONOVO in improving user experience. This Privacy Notice does not cover the use of cookies by our third party providers as we do not have access or control over these cookies.

6.2. We may collect information on our sites or in our emails using web beacons and or tracking pixels (electronic images). We may use beacons to count visits, understand usage and campaign effectiveness and to tell if an email has been opened and acted upon.

6.3. You can review the cookies used by KONOVO’s website in the Cookies section below.

6.4. Configuration Panel: You can configure the Cookie by using the configuration panel popping up when you visit our website.

6.5. Trend Analyses: KONOVO may use IP addresses to analyze trends, administer the Sites, track your movement within the Sites, and gather broad demographic information for aggregate use.

6.6. Links to other sites: our sites include links to other websites whose privacy practices may differ from KONOVO’s. If you submit personal data to any of those sites, your information is governed by the privacy statements of those third-party sites.

6.7. Managing cookies: Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

• https://support.google.com/chrome/answer/95647 (Chrome);
• https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop (Firefox);
• https://help.opera.com/en/latest/security-and-privacy/  (Opera);
• https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
• https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac  (Safari);
• https://support.microsoft.com/en-gb/help/4468242/microsoft-edge-browsing-data-and-privacy (Edge).

7. CHOICE WITH RESPECT TO USES AND DISCLOSURES OF PERSONAL DATA

7.1. KONOVO recognizes that individuals have the right to limit the use and disclosure of their Personal Data, and we are committed to respecting those rights. We offer individuals the opportunity to opt out of disclosures of Personal Data to a third party or the use of Personal Data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual. We will comply with the GDPR with respect to disclosures of Sensitive Data including, when applicable, obtaining the explicit consent (i.e., opt in consent) of an individual prior to disclosing Sensitive Data to a third party or using Sensitive Data for purposes other than those for which it was originally collected or subsequently authorized by the individual.

8. DISCLOSURE/TRANSFER OF INFORMATION FOR A BUSINESS PURPOSE

8.1. KONOVO may disclose your Personal Information to a third party for a business purpose. We do this by entering into a contract that describes the purpose and requires the recipient to both keep that Personal Data confidential and not use it for any purpose except performing the contract. Furthermore, third parties must comply with the GDPR and agree to provide adequate protections that are no less protective than those set out in this Notice.

8.2. Disclosure: We may disclose your Personal Information for a business purpose to the following categories of third parties:

8.2.1. Our affiliates and subsidiaries
8.2.2. Service Providers and consultants
8.2.3. Professional services organizations, such as auditors and law firms
8.2.4. Our business partners
8.2.5. Internet service providers
8.2.6. Government entities
8.2.7. Operating systems and platforms
8.2.8. Survey hosting providers
8.2.9. Identity verification and fraud prevention Providers
8.2.10. Rewards fulfillment providers
8.2.11. SMS and video conference service providers
8.2.12. Customer and panel support services
8.2.13. Credit card processor
8.2.14. Tax authorities

8.3. Purposes of disclosure: KONOVO may disclose your personal information for the below purposes:

8.3.1. Survey reporting
8.3.2. Email services
8.3.3. Authentication of medical licenses
8.3.4. Identity verification and fraud prevention
8.3.5. Offering and providing customer support
8.3.6. Internal marketing campaigns for improving and facilitating participation of Panel Members in market research activities
8.3.7. Internal marketing engagement e.g. newsletters
8.3.8. Honorarium processing and fulfillment
8.3.9. Auditing purposes and governmental reporting
8.3.10. Tax reporting
8.3.11. Allowing participation in market research activities
8.3.12. For complying with your requests or contract obligation we have with you

8.4. Disclosures due to acquisition or merge: We may share your information in connection with a merger, sale of company assets, financing or acquisition of all or a portion of our business to another company, if any. In this event, KONOVO will notify you before information about you is transferred and becomes subject to a different privacy policy.

8.5. Anonymous information: We may also share aggregated or anonymous information that does not directly identify you. KONOVO may share anonymized aggregated demographic information with KONOVO partners.

8.6. Other forms of disclosures: KONOVO also may discloses your personal data for other purposes or to other third parties when you have consented to or requested such disclosure or under the following circumstances:

8.6.1. We respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims;

8.6.2. We believe it is necessary to share information in order to investigate or prevent fraud, or to take action regarding illegal activities, situations involving potential threats to the physical safety of any person, or as otherwise required by law.

8.6.3. We transfer information about you if KONOVO is acquired by or merged with another company. In this event, KONOVO will notify you before information about you is transferred and becomes subject to a different privacy notice.

8.6.4. In response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

8.7. Third party compliance: Such third parties must agree to use such Personal Data only for the purposes for which they have been engaged by KONOVO and they must either:

8.7.1. comply with the GDPR, the Data Privacy Framework (DPF) principles, or another mechanism permitted by the applicable European data protection law(s) for transfers and processing of Personal Data; or

8.7.2. agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Notice.

8.8. Liability: KONOVO is potentially liable in cases of onward transfers of Personal Data to third parties, such as when third parties that act as agents on our behalf process Personal Data in a manner inconsistent with applicable data protection regulations.

9. TRANSFER PERSONAL DATA OUTSIDE THE EEA, UK AND SWITZERLAND

9.1. The third parties as described in paragraph 9.7 might be based in US or in countries other than EEA, UK and Switzerland. In these instances, KONOVO imposes strict contractual obligations and executes Standard Contractual Clauses with third parties to maintain a level of protection that is equal to the GDPR requirements.

9.2. In other instances, we may ask your consent to allow us to transfer your personal data into another country. In doing so we will provide you with full information about the transfer.

9.3. You may contact our DPO if you would like to know more about our international transfer assessment and/or copy of the transfer mechanism that we use for sharing your Personal Data outside your country of residence.

10. ANTI-SPAM

10.1. KONOVO maintains a strict “No-Spam” policy, which means that KONOVO does not intend to sell, rent or otherwise give your email address to a third-party without your consent.

11. DATA INTEGRITY, PURPOSE LIMITATION AND RETENTION

11.1. KONOVO will not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. To that end, KONOVO will take reasonable steps to ensure that your Personal Data is reliable for its intended use, accurate, complete, and current. KONOVO uses reasonable efforts to maintain the accuracy and integrity of your Personal Data and to update it as appropriate.

11.2. Data deletion and retention: Konovo will retain personal data only for as long as necessary to fulfill the purpose for which it was collected or to comply with legal or regulatory obligations. To determine the appropriate retention period for personal data, we consider the type and the sensitivity of data that we collected about you, any harm that an illegal disclose may pose to your rights and freedoms, and the last time that your data has been updated.

We may retain your information as necessary (including a longer period) to comply with our legal obligations, resolve disputes and enforce our agreements

12. PERSONNEL ACCESS OF PERSONAL DATA

12.1. Personnel from KONOVO may access and use your personal data only if they are authorized to do so and only for the purpose for which they are authorized.

13. DATA SECURITY

13.1. KONOVO has implemented physical and technical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction. For example, electronically stored Personal Data is stored on a secure network with firewall protection, and access to KONOVO’s electronic information systems requires user authentication via password or similar means. KONOVO also employs access restrictions, such as limiting the scope of employees who have access to Customer Personal Data. Further, KONOVO uses secure encryption technology to protect certain categories of personal data.

13.2. Despite these precautions, no data security safeguards guarantee 100% security all of the time.

14. YOUR RIGHTS

14.1. Right of Access: You have the right to obtain confirmation about whether your personal data is included in our databases. Upon request, KONOVO will provide an individual access to your personal data within the time frame dictated by the applicable data protection regulations. KONOVO will allow you to know what Personal Data is included in our databases and to ensure that such Personal Data is accurate and relevant for the purposes for which KONOVO collected the Personal Data. You may also request a copy of your data in a commonly used and machine-readable form.

14.2. Right of Rectification: You may review your own Personal Data stored in the databases and you can request to correct, update, modify, or delete any data that is incorrect or incomplete.

14.3. Right of Erasure: You may request to have the personal information that we have about you to be deleted from our servers. KONOVO will take reasonable steps, including technical measures, to comply with your request. In some circumstances your request might be rejected if it falls under one of the following categories:

14.3.1. exercising the right of freedom of expression and information
14.3.2. for compliance with a legal obligation
14.3.3. for reasons of public interest in the area of public health
14.3.4. archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
14.3.5. establishment, exercise or defense of legal claims

14.4. Objection: You may object, at any time, to your Personal Data being processed for a specific purpose.

14.5. Restriction of Processing: You may restrict processing of your Personal Data for certain reasons, such as, for example if you consider your Personal Data collected by us to be inaccurate or you have objected to the processing and the existence of legitimate grounds for processing is still under consideration.

14.6. Data Portability: You may request the Personal Data you provided to us in a commonly used and machine-readable form.

14.7. Right to Withdraw Consent: You have the right to withdraw your consent at any time, without affecting the lawfulness of our processing based on such consent before it was withdrawn, including processing related to existing contracts for our Services.

14.8. Right to complain to a supervisory authority: you might lodge a complaint about our processing of your personal data with your local Data Protection Authority; KONOVO will collaborate with the authority to resolve it.

14.9. Limitations: these rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting https://edpb.europa.eu/our-work-tools/general-guidance/gdpr-guidelines-recommendations-best-practices_en and https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

15. HOW TO EXERCISE YOUR RIGHTS

You can exercise your rights by filling out this form. You may also submit a request to [email protected], via postal mail at KONOVO, Attn: Privacy Department, KONOVO Intelligence Operating, LLC, 480 Pleasant Street, Watertown, MA 02472, USA

16. RESPONSE TIMING AND FORMAT

16.1. We endeavor to respond to a verifiable request within 30 days of its receipt. If we require more time (up to two extra months), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a verifiable request, if applicable.

16.2. We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

16.3. Request that we can’t process: We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. Making a verifiable request does not require you to create an account with us. We will only use Personal Information provided in a verifiable request to verify your identity or authority to make the request.

16.4. KONOVO will track each of the following and will provide notice to the appropriate parties under law and contract when either of the following circumstances arise:

16.4.1. legally binding request for disclosure of the Personal Data by a law enforcement authority unless prohibited by law or regulation; or

16.4.2. requests received from the Data Subject.

17. NOTIFICATION

17.1. KONOVO notifies Clients and individuals about its adherence to GDPR and other applicable data protection regulations, as well as the Data Privacy Framework (DPF) principles, through its publicly posted website privacy notice, available at https://konovo.com

18. RESPONSIBILITIES AND MANAGEMENT

18.1. KONOVO has designated the Privacy Department to oversee its information security program, including its compliance with the Data Privacy Framework (DPF) program. The Privacy Department shall review and approve any material changes to this program as necessary. Any questions, concerns, or comments regarding this Notice also may be directed to: [email protected]

19. ENFORCEMENT AND DISPUTE RESOLUTION

19.1. We commit to resolving individuals’ complaints related to our privacy practices or our collection, or use, or disclosure of Personal Data. An individual may file a privacy complaint by contacting our DPO at [email protected]. Further, individuals with questions or concerns about the use or disclosure of their Personal Data should contact us as outlined in Section 15.

19.2. If an individual’s complaint cannot be satisfied through our internal complaint process, the individual may bring a complaint before the ICDR/AAA Data Privacy Framework (DPF) Program, a non-profit alternative dispute resolution provider located in the United States and operated by the international division of the American Arbitration Association. The ICDR/AAA Data Privacy Framework (DPF) Program is designed to handle eligible complaints brought by Swiss, UK and EU citizens about Data Privacy Framework (DPF) Principles. If you have any complaints regarding our compliance with the Data Privacy Framework (DPF) you should first contact us (as provided above). If contacting us does not resolve your complaint or you do not receive timely acknowledgement of your complaint, please visit the ICDR/AAA Data Privacy Framework (DPF) Program website at http://go.adr.org/privacyshield.html for more information and to file a complaint. We will cooperate with the independent dispute resolution mechanism to resolve any complaint that is not resolved through our internal processes.

19.3. If a complaint regarding the Data Privacy Framework (DPF) compliance is not resolved by any of the above dispute resolution mechanisms, an individual has the possibility, under certain conditions, to invoke binding arbitration. Additional information about binding arbitration can be found here: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2

19.4. The above does not preclude your right to contact your local Data Protection Authority. We will collaborate with the DPA to find a solution to resolve the complaint.

20. CHANGES TO THIS NOTICE

20.1. KONOVO will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Data that it collects. KONOVO personnel will receive training, as applicable, to effectively implement this Notice. Please refer to Section VIII for a discussion of the steps that KONOVO has undertaken to protect Personal Data.

20.2. This Notice may be amended from time to time, consistent with the Data Privacy Framework (DPF) Principles and applicable data protection and privacy laws and principles. We will notify Customers if we make changes that materially affect the way we handle Personal Data previously collected, and we will allow them to choose whether their Personal Data may be used in any materially different manner.

21. DEFINITIONS

Capitalized terms in this Privacy Notice have the following meanings:

21.1. “Customer” means a prospective, current, or former partner, vendor, supplier, customer, or client of KONOVO. The term also shall include any individual agent, employee, representative, customer, or client of an KONOVO Customer where KONOVO has obtained his or her Personal Data from such Customer as part of its business relationship with the Customer.

21.2. “Data Subject” means an identified or identifiable natural living person in the European Union. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics.

21.3. “Employee” means an employee (whether temporary, permanent, part-time, or contract), former employee, independent contractor, or job applicant of KONOVO.

21.4. “Europe” or “European” refers to a country in the European Economic Area.

21.5. “Personal Data” as defined under Regulation (EU) 2016/679, the General Data Protection Regulation means any and all data (regardless of format) that (i) identifies or can be used to identify, contact or locate a natural person, or (ii) pertains in any way to an identified natural person. Personal Data includes obvious identifiers (such as names, addresses, email addresses, phone numbers and identification numbers) as well as biometric data, “personal data” (as defined in the GDPR), and any and all information about an individual’s computer or mobile device or technology usage, including (for example and without limitation) IP address, MAC address, unique device identifiers, unique identifiers set in cookies, and any information passively captured about a person’s online activities, browsing, application or hotspot usage or device location.

21.6. “Sensitive Data” is a subset of Personal Data which due to its nature has been classified by law as deserving additional privacy and security protections. Sensitive Personal Data consists of: (i) all government-issued identification numbers, (ii) all financial account numbers (including payment card information and health insurance numbers), (iii) individual medical records, genetic and biometric information, (iv) user account credentials, such as usernames, passwords, security questions/answers and other password recovery data, (v) data elements that constitute Special Categories of Data under the GDPR, namely EEA Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, and (vi) any other Personal Data designated by KONOVO as Sensitive Personal Data.